
An anonymous reader writes "A new piece of malware is targeting OS X to extort money from victims by accusing them of illegally accessing pornography. Ransomware typically uses claims of breaking the law and names law enforcement (such as the CIA or FBI) to scare victims, but it is usually aimed at Windows users, not Mac users. The security firm Malwarebytes first spotted this latest threat, noting that criminals have ported the ransomware scheme to OS X and are even exploiting a Safari-specific feature. The ransomware page in question gets pushed onto unsuspecting users browsing high-trafficked sites as well as when searching for popular keywords."

I thought we were past the "being surprised that websites get hacked" years ago.

This is not malware, it's a hacked site with annoying javascript. The only news here is how desperate some people are to show that OSX is vulnerable to malware - even when the malware never is installed on the system...

It's software that is intended for a malicious purpose contrary to the wants and needs of the user. It is malware, it's just not running from a platform usually used for such things. I guess you think that the various ms word worms aren't malware because they are scripts that run on ms word. (And yes, those ms word worms are viruses because they are infecting an executable code, even if it's something most people don't realize is executable code. And executable code does not mean .exe files, though those are one

> It is malware, it's just not running from a platform usually used for such things.

True, but the important point is the platform in question is not OS X and it is somewhat disingenuous to pretend it is. The platform is "any web browser that automatically reloads the last visited site if you force it to quit".

No, I am saying OS X is much LESS vulnerable to malware, and that some people are desperate to make it SEEM as though OS X gets malware to the same extent PC's do even when facts do not bear that out.

So desperate in fact, that they jump the gun and claim a Javascript hack is the same as system level malware... all because they didn't simply try to look at the facts at what it was, just react to the presence of "OSX" in the headline.

A few weeks ago, the computer in my lab that is connected to two somewhat expensive bits of equipment came down with this. That was more surprising to me. It's connected to the gel imager and is in a common area. People put agarose gels in the imager and then forget to take off their gloves to use the computer. The keyboard is probably covered in ethidium bromide. [wikipedia.org] Why someone would be watching porn on it is beyond me.

I guess on the bright side, semen being on the keyboard isn't a huge concern compar

...well, there's a pretty simple way to check whether or not your fears are founded. Just shine a UV lamp on the keyboard and examine the shapes of the stains. This is like the forensic chemistry equivalent of a textbook physics problem set in a textbook factory.

You could enable the "Develop" menu in preferences and then select "Disable JavaScript" on the problematic page without having to reset anything (you could also open the JavaScript console and stop it). This really has nothing to do with OS X and isn't even browser-specific. There's, of course, a browser-specific answer to it (it only takes a few minutes to create a Safari plug-in to block it).

The definition in the article is "ransomware is malware which restricts access to the computer it infects, spamming the user with prompts that demand a ransom paid for functionality to be reinstated"

I'd say it qualifies. It restricts access to the computer. Malware usually follows the KISS principle better than most other software, which is one of the reasons why it can become so widespread even though a commercial software package can be a pain in the ass to get it to work. If your software absolutely, pos

I've been seeing variations on this one for a year or two now, sometimes connected with the "Yahoo Porn Bug" I wrote about in my journal, sometimes not. The main thing when it comes to a lot of this crap is to explain and assure the public it's bullshit; you'd be amazed how many can be put into panic mode by a letter that looks like it comes from authority, and of course guys getting child porn charges for Simpsons cartoons and manga really doesn't fucking help matters in that regard.

Now I don't know how it is on OSX, but on Windows these kinds of bugs aren't that hard to kill. A good tool for the job I've been trying out in the shop is the Emsisoft Emergency Kit [emsisoft.com], which is free for personal use but so far looks to be worth the cost of a license if you work in a shop. The whole thing runs on a stick, and so far it seems to be pretty damned good at detecting all kinds of bugs, and its CLI scanner so far has been pretty good at getting around the run blocks some of the malware uses.

Not really a bug, but rather an implementation. Unfortunately Safari, like IE, allows websites to change the display of a browser window (for instance, no longer display the URL) and to display modal windows that effectively hijack the browser. While there are a few legitimate reasons to allow this, for the most part they are used to keep people on a page against their will.

A lot of this comes from the effort of MS to turn the web browser into an application front end, and many of the legitimate uses are

It takes advantage of Safari's "restore last window" feature, which is optional (though on by default in some versions) and also available in Firefox and Chrome (and possibly also on by default in some versions.)

And the OS X version is limited to a browser, as opposed to the Windows versions (which I've seen) which lock you out of the whole OS and can be VERY hard to get around.

The author's suggestion is to reset Safari (as in, clear cache, remove cookies, etc.) but wouldn't you also just be able to turn off the "restore session" option and then force-quit and relaunch? Also, you could relaunch, and press 'escape' or 'command-period' repeatedly to keep the page from loading.

Even if the user knows it is a fake warning, and even if the user knows it is the site that has been hacked, if Safari will not let the user close the page and move on, it is broken. It should be fixed. Does Safari always restore the old sessions without allowing the user a chance to start fresh sessions? If not it is broken.

Dudes, in Germany and Austria and Switzerland, these scams have been around for years. They usually tell you that your computer has been locked by the police, and that you need to pay a fine in order to get it unblocked. Nothing new here. News at eleven.

If you use OSX and practice safe computing (that means NO JAVA FOR YOU), then yea, you're tough as nails to crack. No OS is idiot-proof, though.

The same can't be said for many variants of Windows, especially those still using XP where inserting an infected thumb drive will wreak havoc on your system, hell no, on your entire enterprise network.

Absolutely no contest there, man, although that doesn't mean it does not happen.

Our hospital network just changed from a major XP install to a Seven one, and most clients are running WITH admin privileges. Hey, that's not a bad thing on my side: I'm just a practicing MD, but I bet my workstation is far safer than everyone else's because I can fix the dumb stuff they did via GPOs.

Our corporate Macs which I maintain have an antivirus installed due to policy, but the only thing it ever finds is Windows viruses that arrive via email attachments that manage to get through the email gateway scanner.

The #1 thing that protects our Macs: The user does not have administrative credentials.

The #2 thing that protects our Macs: Applications are all deployed via a centrally managed repository, which allows for #1.

>Also, last time I inserted any USB into my XP box, it popped up a dialog asking what I should do with it.

Then I have two pieces of bad news for you: one, you're not up to date on your security patches, namely disabling autorun from removable drives, and two, you are one social engineering step away from being infected. That's how it starts, you click on an icon that looks like a folder but you're actually running malware.

Is it? A malware program like this has been attacking Windows computers lately. It scans IPs for port 3389 (remote desktop) and then tries to brute force into the system. Once it's inside, it runs a script that RARs all your files with a huge random password. Then they demand a $2000 ransom to recover it.

It happened to a customer of mine who "refused to run a VPN because it slowed things down" and had port 3389 open to the public. There are also scans on port 5900 (VNC server).

No product is totally invulnerable. But it's a simple fact that an OSX user can go a long, long time before ever seeing a virus or malware.

That said - this is not an example of the OS being vulnerable, the whole "malware" is Javascript that takes over Safari a bit, basically a hacked website. I'm not even sure if it works if you have popup blocking on. The computer is never compromised.

> A user can go a long time without seeing virus and malware in OSX because OSX holds 7.18% of the market as opposed to Windows 7

That's just the deluded nonsense of a Lemming.

There have been virus ridden minority platforms before. This was quite common back when there were actually other platforms to choose from. Operating systems in those days were much less robust. Viruses were common because those platforms suffered from similar nonsense that Windows does now.

Whatever it takes to make you sleep better. But the illogic of that has long been shown (e.g., compromised web servers used to be nearly all IIS despite it having a minority share -- yeah, times have changed, but that just further illustrates that "market share" is not a controlling factor). Your overly facile argument reveals how little you know of the business.

In reality malware was originally written by people trying to show off their "super skills" or who had a grudge of some sort. By and large they wer

On paper Windows has always been more secure than Mac OS. It isn't the OS

1) A user community that upgrades quickly
2) A willingness to break backwards compatibility
3) Apple's ability to get their community to fall in line if there is a crisis
4) A community with a heavy percentage of computer enthusiasts.

But this is not Malware! Just a rogue website with some crafty Javascript! The Windows version actually locks the computer and you are forced to Re-install Windows!! On the Mac version, all you have to do is reset safari from the menu-bar and all is well again! It is very annoying to the end user, but that's all!

Different viruses. The one for Windows attacks through the RDP port. I've seen scans on port 5900 too. Nothing would keep a similar virus from attacking Mac if you run any sort of remote access and a weak password.

The virus for Windows encrypts your files and demands a ransom. Nothing would keep a similar virus from doing the same on a mac, since you don't need admin privileges or any sort of exploit to manipulate your own files.

> The virus for Windows encrypts your files and demands a ransom. Nothing would keep a similar virus from doing the same on a mac, since you don't need admin privileges or any sort of exploit to manipulate your own files.

Almost certainly would be a trojan rather than a virus in that case.

Mind you, it's a bit rich to equate "Macs don't get viruses" (true) with "Macs are immune to all forms of malware" (patently false).

There is no meaningful distinction between a "trojan" and a "virus". The old, simplistic application of the terms "trojan", "virus" and "worm" never really made that much sense, but it is pretty meaningless now. Each of those designations simply refers to a method of infection and nothing prevents multiple vectors from being employed. And plenty of malware does that. In fact, the majority I run across do none of those things.

The predominant vector in use today is malvertising. It generally exploits a vulner

That's pretty much my point - Macs may not get viruses in the traditional sense of the word, but the computer virus in its traditional sense is more-or-less extinct. They're sure as hell vulnerable to malware, which is a far better term for modern use.

> Nothing would keep a similar virus from attacking Mac if you run any sort of remote access and a weak password.

It's funny you should mention that because I run a daemon that checks /var/log for suspicious activity. When it finds something that looks like a brute force attack, it blocks the attacker with a firewall rule.

Now this thing is a nice ready made app available through my distro's standard repos. But in the old days, I cobbled the same thing together with a bash script.
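The approach described in the comment above, as an added Python example (not the commenter's script and not the packaged daemon they mention): it counts failed SSH logins per source address in a sliding window and renders, without executing, a firewall block rule. The log lines are constructed, and the sshd message format, the threshold, the window, the `year` parameter and the use of iptables are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in syslog/sshd style (documentation-range addresses).
SAMPLE_LOG = """\
Jul 16 10:00:01 host sshd[411]: Failed password for root from 203.0.113.5 port 4242 ssh2
Jul 16 10:00:04 host sshd[411]: Failed password for root from 203.0.113.5 port 4242 ssh2
Jul 16 10:00:05 host sshd[412]: Failed password for alice from 198.51.100.7 port 5100 ssh2
Jul 16 10:00:09 host sshd[413]: Failed password for invalid user admin from 203.0.113.5 port 4250 ssh2
Jul 16 10:00:13 host sshd[413]: Failed password for invalid user admin from 203.0.113.5 port 4250 ssh2
Jul 16 10:00:20 host sshd[414]: Failed password for root from 203.0.113.5 port 4251 ssh2
Jul 16 10:04:30 host sshd[415]: Failed password for alice from 198.51.100.7 port 5101 ssh2
Jul 16 10:09:10 host sshd[416]: Failed password for alice from 198.51.100.7 port 5102 ssh2
Jul 16 10:14:45 host sshd[417]: Failed password for alice from 198.51.100.7 port 5103 ssh2
Jul 16 10:20:02 host sshd[418]: Failed password for alice from 198.51.100.7 port 5104 ssh2
Jul 16 10:20:30 host sshd[419]: Accepted password for alice from 198.51.100.7 port 5105 ssh2
"""

# Anchored at the end of the line: the user name is chosen by the remote side,
# so the address is trusted only in its fixed position after it.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.* from (?P<ip>\S+) port \d+ ssh2$"
)

def find_offenders(log_text, threshold=5, window=timedelta(seconds=60),
                   allowlist=("127.0.0.1",), year=2013):
    """Addresses with `threshold` failures in one window; syslog omits the year, so it is passed in."""
    allowed = {ipaddress.ip_address(a) for a in allowlist}
    recent, offenders = defaultdict(deque), []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        try:
            ip = ipaddress.ip_address(m["ip"]) if m else None
        except ValueError:
            ip = None  # field was not a literal address (e.g. a hostname)
        if ip is None or ip in allowed or ip in offenders:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            offenders.append(ip)
    return offenders

def block_rules(offenders):
    """Render (not execute) one DROP rule per offender; iptables is an assumed firewall."""
    return [f"{'ip6tables' if ip.version == 6 else 'iptables'} -I INPUT -s {ip} -j DROP"
            for ip in offenders]
```

The allowlist matters in practice: without it, a few mistyped passwords from your own management address are enough to lock you out.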

But for the non-tech folk out there who just thought it was going to be cool to be able to check his home computer from work, you can't blame him for trying. Maybe he thought clicking "enable remote access" didn't have such heavy security implications.

We learn from our own mistakes. Given your 4 digit UID, I seriously doubt your record is spotless. I'm sure you had a system or two compromised until you learned to become almost paranoid about security.

I love how the Windows users get *so* irritated when Mac users point out to them how their machines generally "just work" without all the virus and malware hassles, need for (often costly) anti-virus software and subscriptions, etc.

The only people I see really trying to "pound some sense" into OS X users to use anti-virus software are the companies hawking the stuff.

I use both Windows machines and Macs practically every day. I work in a corporate environment where we're pretty much a 50/50 mix of both platf

A proper anti-virus should work quietly behind the scenes. There's no such thing as a fool-proof AV any more than there's a 100% effective vaccine. For every infected machine we have, we have several dozen more that report blocking infections or at least crippling the malware.

Well, I certainly don't. As far as I am concerned, it is the same attitude you hear when people say "But we have to do something!!!". It doesn't work. Don't bother. Use a more secure browser. Use an ad-blocker. Have a decent firewall installed. These will help. Perhaps you can enlighten us on which Antivirus program you use on the networks you manage. Then tell us which infections it stopped. I have customers who own solutions from Symantec, VIPRE, Kaspersky, McAfee, AVG, Avira, and Trend (among ot

It's more of a liability issue, that's why we're not too concerned with which AV they use. They sign off on their computer being protected, and if it gets infected, it's on them. Most people bitch about having to sign off on having some form of malware protection because "it's a Mac"

So, essentially, you're tickboxing the installation of antivirus software. I'd install ClamXav and tick that box, if it was me. Macs aren't necessarily totally invulnerable, but I've never had active antivirus on my Mac, and I've taken it all over the world and used all sorts of dodgy free WiFi, and never had an issue. The only thing I do is a scan of removable media using Clam if I think it's come from someone who's unlikely to have protection on their Windows box. I put my 3G dongle on my parents' XP

Note, for example, that MSSE was a perfectly good antivirus until Microsoft baked it into Windows 8. Then, surprise surprise, it started failing every AV comparatives, because every virus was compiled specifically to evade detection.

Let's put it another way. If every OSX box has the same anti-virus updated on the same schedule, why would anyone release a virus for OSX that didn't 1) evade current detections and 2) break the updating mechanism so that it can't

You can't break the updating mechanism. That runs in a protected mode applications don't have access to it. That's one of the differences between capabilities and permissions, which NT supports too but Microsoft can't use as aggressively because of worries about backwards compatibility.

Right, that's not because these users are not aware that there's a threat of getting some kind of malware on their machine. This is because the problems caused by the antivirus software are as bad as the problems caused by a virus, so basically, you're asking them to guarantee that they have something malicious on their system, rather than simply having a 1 in a million chance that they do.

I find a surprising number of people who don't know the difference, not just dumb people but even those with normal intelligence who are competent in their fields.

Perhaps we can illustrate with movie examples. CIA = Jason Bourne, assassin we send abroad to kill foreign nationals who create trouble for the U.S. gov't. They only operate outside the USA, as they are forbidden by law to spy on or kill anyone inside the USA.

FBI = Jodie Foster in Silence of the Lambs, police who catch criminals inside the USA. The